func main() {
cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
if err != nil {
log.Fatalf("server : loadkeys :%s", err)
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Time = time.Now
config.Rand = rand.Reader
service := "127.0.0.1:10000"
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
log.Fatalf("server : listen: %s", err)
}
log.Print("server: listening")
for {
conn, err := listener.Accept()
if err != nil {
log.Panicf("server:accept :%s", err)
break
}
log.Printf("server : accepted from %s", conn.RemoteAddr())
go handleClient(conn)
}
}
func (s *Server) Serve() error {
var tlsconfig tls.Config
tlsconfig.MinVersion = tls.VersionTLS10
cert, err := tls.LoadX509KeyPair(s.SSLCertificate, s.SSLKey)
if err != nil {
return fmt.Errorf("Failed loading client ssl certificate: %s", err)
}
tlsconfig.Certificates = []tls.Certificate{cert}
tlsconfig.Rand = rand.Reader
service := fmt.Sprintf("0.0.0.0:%s", s.Port)
listener, err := tls.Listen("tcp", service, &tlsconfig)
if err != nil {
return err
}
log.Print("server: listening")
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("server: accept: %s", err)
break
}
defer conn.Close()
log.Printf("server: accepted from %s", conn.RemoteAddr())
go s.handleClient(conn)
}
return nil
}
func main() {
cert, err := tls.LoadX509KeyPair("../certs/CARoot.crt", "../certs/CARoot.key")
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Rand = rand.Reader
service := "0.0.0.0:9999"
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
log.Fatalf("server: listen: %s", err)
}
log.Print("server: listening")
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("server: accept: %s", err)
break
}
defer conn.Close()
log.Printf("server: accepted from %s", conn.RemoteAddr())
tlscon, ok := conn.(*tls.Conn)
if ok {
log.Print("ok=true")
state := tlscon.ConnectionState()
for _, v := range state.PeerCertificates {
log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
}
}
handleClient(conn)
}
}
// TLS server that prints out the certs provided by
// the connecting client, and does a simple echo
func main() {
// Load certs, config, and start listening
cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
config.Rand = rand.Reader
service := "0.0.0.0:8000"
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
log.Fatalf("server: listen: %s", err)
}
log.Print("server: listening")
// Infinite listen loop. Create goroutine for each client
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("server: accept: %s", err)
break
}
log.Printf("server: accepted from %s", conn.RemoteAddr())
go handleClient(conn)
}
}
func StartServer() *Server {
bin := GetBinDir()
var cert tls.Certificate
var err error
for cert, err = tls.LoadX509KeyPair(bin+"cert.pem", bin+"key.pem"); err != nil; {
MakeCert("127.0.0.1")
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Rand = rand.Reader
service := ":10234"
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
log.Fatalf("server: listen: %s", err)
}
s := Server{
make(map[string][]byte),
sync.Mutex{},
//make(map[string][]byte),
//sync.RWMutex{},
make(map[string]*User),
sync.RWMutex{},
make(map[string]*File),
listener,
make(chan *Packet, 10), //Channel for incoming messages
make(chan *Packet, 10), //Channel for parsed messages to be sent
NewLog(64),
}
s.LoginPrompt()
return &s
}
func main() {
cert, err := tls.LoadX509KeyPair("C:\\Users\\Marcelle\\git\\huuzlee\\go\\AA_NET\\go-ssl\\certs\\server.pem", "certs/server.key")
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Rand = rand.Reader
service := "0.0.0.0:8000"
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
log.Fatalf("server: listen: %s", err)
}
log.Print("server: listening")
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("server: accept: %s", err)
break
}
defer conn.Close()
log.Printf("server: accepted from %s", conn.RemoteAddr())
tlscon, ok := conn.(*tls.Conn)
if ok {
log.Print("ok=true")
state := tlscon.ConnectionState()
for _, v := range state.PeerCertificates {
log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
}
}
go handleClient(conn)
}
}
//func ListenTls(port string, initiate bool, delay int, certname string, keyname string, verbose bool) {
func ListenTls(settings config.Settings) {
c, err := exists(settings.CertName)
k, err := exists(settings.KeyName)
if !c {
log.Printf("Cert file doesnt exist! %s", err)
GenKeyCert("127.0.0.1", settings.CertName, settings.KeyName)
} else if !k {
log.Printf("Key file doesnt exist! %s", err)
GenKeyCert("127.0.0.1", settings.CertName, settings.KeyName)
}
cert, err := tls.LoadX509KeyPair(settings.CertName, settings.KeyName)
if err != nil {
log.Fatalf("TLS: loadkeys: %s", err)
}
conf := tls.Config{Certificates: []tls.Certificate{cert}} //, ClientAuth: tls.RequireAnyClientCert}
conf.Rand = rand.Reader
service := GetAddress(settings, "0.0.0.0")
listener, err := tls.Listen("tcp", service, &conf)
if err != nil {
log.Fatalf("TLS: listen error: %s", err)
}
log.Printf("TLS: listening on %s", service)
i := 0
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("TLS: accept: %s", err)
break
}
log.Printf("TLS: accepted from %s", conn.RemoteAddr())
TlsService(conn, settings)
i = i + 1
}
}
func (s *ConnectionXMPPSuite) Test_Dial_worksIfTheHandshakeSucceedsButFailsOnInvalidCertHash(c *C) {
rw := &mockMultiConnIOReaderWriter{read: validTLSExchange}
conn := &fullMockedConn{rw: rw}
var tlsC tls.Config
tlsC.Rand = fixedRand([]string{
"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
"000102030405060708090A0B0C0D0E0F",
"000102030405060708090A0B0C0D0E0F",
})
d := &dialer{
JID: "*****@*****.**",
password: "******",
serverAddress: "www.olabini.se:443",
verifier: &basicTLSVerifier{[]byte("aaaaa")},
config: data.Config{
TLSConfig: &tlsC,
},
}
_, err := d.setupStream(conn)
c.Assert(err.Error(), Equals, "tls: server certificate does not match expected hash (got: 82454418cb04854aa721bb0596528ff802b1e18a4e3a7767412ac9f108c9d3a7, want: 6161616161)")
}
func (s *ConnectionXmppSuite) Test_Dial_worksIfTheHandshakeSucceedsButSucceedsOnValidCertHash(c *C) {
rw := &mockMultiConnIOReaderWriter{read: validTLSExchange}
conn := &fullMockedConn{rw: rw}
var tlsC tls.Config
tlsC.Rand = fixedRand([]string{
"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
"000102030405060708090A0B0C0D0E0F",
"000102030405060708090A0B0C0D0E0F",
})
d := &dialer{
JID: "*****@*****.**",
password: "******",
serverAddress: "www.olabini.se:443",
verifier: &basicTLSVerifier{bytesFromHex("82454418cb04854aa721bb0596528ff802b1e18a4e3a7767412ac9f108c9d3a7")},
config: data.Config{
TLSConfig: &tlsC,
},
}
_, err := d.setupStream(conn)
c.Assert(err, Equals, io.EOF)
}
func ServerTLSListen(service string, f func(conn net.Conn)) {
// Load x509 certificates for our private/public key, makecert.sh will
// generate them for you.
cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
// Note if we don't tls.RequireAnyClientCert client side certs are ignored.
config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
config.Rand = rand.Reader
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
log.Fatalf("server: listen: %s", err)
}
log.Print("server: listening")
// Keep this loop simple/fast as to be able to handle new connections
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("server: accept: %s", err)
break
}
log.Printf("server: accepted from %s", conn.RemoteAddr())
// Fire off go routing to handle rest of connection.
go handleClient(conn, f)
}
}
func main() {
random, _ := os.Open("/dev/urandom", os.O_RDONLY, 0)
pembytes := readEntireFile("/home/kris/SSL/gr0g.crt")
cert, _ := pem.Decode(pembytes)
keybytes := readEntireFile("/home/kris/SSL/gr0g.key")
pk, _ := pem.Decode(keybytes)
privatekey, _ := x509.ParsePKCS1PrivateKey(pk.Bytes)
config := new(tls.Config)
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0].Certificate = [][]byte{cert.Bytes}
config.Certificates[0].PrivateKey = privatekey
config.Rand = random
//config.RootCAs = caset
config.Time = time.Seconds
listener, err := tls.Listen("tcp", "0.0.0.0:8443", config)
fmt.Printf("%s\n", err)
for {
conn, _ := listener.Accept()
go func() {
for {
buf := make([]byte, 1024)
_, err := conn.Read(buf)
if err != nil {
return
}
fmt.Printf("%s", buf)
}
}()
}
}
func (s *ConnectionXmppSuite) Test_Dial_worksIfTheHandshakeSucceeds(c *C) {
rw := &mockMultiConnIOReaderWriter{read: validTLSExchange}
conn := &fullMockedConn{rw: rw}
var tlsC tls.Config
tlsC.Rand = fixedRand([]string{
"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
"000102030405060708090A0B0C0D0E0F",
"000102030405060708090A0B0C0D0E0F",
})
d := &dialer{
JID: "*****@*****.**",
password: "******",
serverAddress: "www.olabini.se:443",
verifier: &basicTLSVerifier{},
config: data.Config{
TLSConfig: &tlsC,
},
}
_, err := d.setupStream(conn)
c.Assert(err, Equals, io.EOF)
c.Assert(string(rw.write), Equals, ""+
"<?xml version='1.0'?><stream:stream to='www.olabini.se' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x96\x01\x00\x00\x92\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x1c\xc0/\xc0+\xc00\xc0,\xc0\x13\xc0\t\xc0\x14\xc0\n"+
"\x00\x9c\x00\x9d\x00/\x005\xc0\x12\x00\n"+
"\x01\x00\x00M\x00\x00\x00\x13\x00\x11\x00\x00\x0ewww.olabini.se\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\x0e\x00\f\x04\x01\x04\x03\x05\x01\x05\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00\x00\x12\x00\x00\x16\x03\x03\x00F\x10\x00\x00BA\x04\b\xda\xf8\xb0\xab\xae5\t\xf3\\\xe1\xd31\x04\xcb\x01\xb9Qb̹\x18\xba\x1f\x81o8\xd3\x13\x0f\xb8\u007f\x92\xa3\b7\xf8o\x9e\xef\x19\u007fCy\xa5\n"+
"b\x06\x82fy]\xb9\xf83\xea6\x1d\x03\xafT[\xe7\x92\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00(\x00\x00\x00\x00\x00\x00\x00\x00j\xc9\xd4\xef'\xc2ڲ6e\x88JD$\x9d\x15O\x80\x15\u0099-.(T\x99\xb3\xbf\x869~\x11\x17\x03\x03\x00\xa5\x00\x00\x00\x00\x00\x00\x00\x01W'*.\vz\x85%%E\xee\x119\x82\xe4\xfe\xf5o\x111m|\x8d\xbb ģ\x06\xf2a_M\xd3\xebޤ:\xe3\x00\x92A\xd6\\\xa7\xce<\"F?tr\xbc1gȮD\\ՎG\xe7\x9e\xc8\u007f\x9e\x1eD\xdbJ&\xe5T2b\xa5J\xc9\xc99\"Ek\xc0\x0fa\xf4\x9b*\xb1\x9a\x10^^(\x8f\x1b\x8b\xdd\x04\xe8\xe6\xf5\xb6+V\x1d\xd7\xeb512\xc0*\x8e7\x15\xdd\t\x04\x1d-#\xf8\x9d^\x16k\xa4\x1d\xe0s\x90E\x8cNG\x93\xb0\xd5]\x1d\x01B\xe9\x18T\xc7@\x11\x1a\x17\xe3\xb9b\x19\x1a")
}
func main() {
cert, err := tls.LoadX509KeyPair("jan.newmarch.name.pem", "private.pem")
checkError(err)
config := tls.Config{Certificates: []tls.Certificate{cert}}
now := time.Now()
config.Time = func() time.Time { return now }
config.Rand = rand.Reader
service := "192.168.1.105:1200"
listenter, err := tls.Listen("tcp", service, &config)
checkError(err)
fmt.Println("Listening")
for {
conn, err := listenter.Accept()
if err != nil {
fmt.Println(err.Error())
continue
}
fmt.Println("Accepted")
go handleClient(conn)
}
}
func main() {
cert, err := tls.LoadX509KeyPair("server.pem", "server.key")
if err != nil {
panic("Error loading X509 Key Pair")
}
config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
config.Rand = rand.Reader
service := ":1201"
listener, err := tls.Listen("tcp", service, &config)
checkError(err)
clientId = 0
for {
conn, err := listener.Accept()
if err != nil {
continue
}
client := Client{clientId, conn}
clientList.Add(&client)
clientId++
// run as a goroutine
go handleClient(client)
}
}
func NetInitTls(quit chan int, gameLogic func(*Client), port int, readDeadline, writeDeadline time.Duration, certFile, keyFile string) error {
initMutex.Lock()
if normalTcp {
initMutex.Unlock()
return errors.New("Alrealdy inited as normal tcp")
}
if tlsTcp {
initMutex.Unlock()
return errors.New("Can not init twice")
}
tlsTcp = true
initMutex.Unlock()
Clients = make(map[int]*Client)
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return err
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Rand = rand.Reader
go socketTlsListener(quit, gameLogic, port, readDeadline, writeDeadline, &config)
return nil
}
//run starts the webserver
func (v *Vault) startServer() error {
glog.Infof("Starting local server\n")
router := gin.New()
//TODO initialize configurations, correct middlewares, https/http
router.Use(ginglog.Logger(5)) //5 seconds
router.Use(gin.Recovery())
//setting up https by default
var tlsConfig = tls.Config{}
keypair, err := tls.LoadX509KeyPair(v.config["tlsCertfilePath"], v.config["tlsKeyfilePath"])
if err != nil {
fmt.Printf("ERR: Could not load X509 KeyPair, caused by: %s\n", err)
os.Exit(1) //exit explicitely as we choose a fail fast approach
}
tlsConfig.Certificates = []tls.Certificate{keypair}
tlsConfig.NextProtos = []string{"http/1.1"}
tlsConfig.Rand = rand.Reader
router.GET("/secret/:appID", v.getSecret)
serve := &http.Server{
Addr: fmt.Sprintf(":%s", v.config["serverPort"]),
Handler: router,
TLSConfig: &tlsConfig,
}
err = serve.ListenAndServe()
if err != nil {
glog.Errorf("Cannot start server for Cubbyhole tokens distribution\n")
}
return err
}
func (l *TLSLog) initConfig(config *tls.Config) {
l.log = ""
l.logRand = newLogRand(config.Rand)
config.Rand = l.logRand
config.SessionTicketsDisabled = false
if config.ClientSessionCache == nil {
config.ClientSessionCache = tls.NewLRUClientSessionCache(1)
}
}
func main() {
ca_b, err := ioutil.ReadFile("../../autogen/key/cacert.der")
if err != nil {
fmt.Println("read cacert.der failed: ", err)
return
}
ca, err := x509.ParseCertificate(ca_b)
if err != nil {
fmt.Println("parse cacert.der failed: ", err)
return
}
priv_b, err := ioutil.ReadFile("../../autogen/key/cakey.der")
if err != nil {
fmt.Println("read cakey.der failed: ", err)
return
}
priv, err := x509.ParsePKCS1PrivateKey(priv_b)
if err != nil {
fmt.Println("parse cakey.der failed: ", err)
return
}
pool := x509.NewCertPool()
pool.AddCert(ca)
cert := tls.Certificate{
Certificate: [][]byte{ca_b},
PrivateKey: priv,
}
config := tls.Config{
ClientAuth: tls.NoClientCert,
Certificates: []tls.Certificate{cert},
ClientCAs: pool,
}
config.Rand = rand.Reader
service := "0.0.0.0:9999"
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
fmt.Printf("tls.listen() failed: %s\n", err)
}
fmt.Println("server: listening")
for {
conn, err := listener.Accept()
if err != nil {
fmt.Printf("server: accept: %s\n", err)
break
}
defer conn.Close()
fmt.Printf("server: accepted from %s\n", conn.RemoteAddr())
go process_connection(conn)
}
}
func getTLSListener(listenAddress string) (net.Listener, error) {
cert, err := loadCertificate()
if err != nil {
return nil, err
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Rand = rand.Reader
return tls.Listen("tcp", listenAddress, &config)
}
func GetSocket(cfg *ini.Section) (net.Conn, error) {
var conn net.Conn
var err error
host := cfg.Key("host").String()
port := cfg.Key("port").String()
address := host + ":" + port
if _, err = net.ResolveTCPAddr("tcp", address); err != nil {
return nil, err
}
if cfg.Key("ssl").MustBool() {
key := cfg.Key("sslcert").String()
private := cfg.Key("sslkey").String()
cert, err := tls.LoadX509KeyPair(key, private)
if err != nil {
err = errors.New("Error when loading SSL certificate: " + err.Error())
return nil, err
}
caCert, err := ioutil.ReadFile(key)
if err != nil {
return nil, err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
config := tls.Config{
RootCAs: caCertPool,
Certificates: []tls.Certificate{cert},
}
now := time.Now()
config.Time = func() time.Time { return now }
config.Rand = rand.Reader
conn, err = tls.Dial("tcp", address, &config)
if err != nil {
return nil, err
}
} else {
conn, err = net.Dial("tcp", address)
if err != nil {
return nil, err
}
}
return conn, err
}
func main() {
pem = "cert.pem"
key = "cert.key"
if _, err := os.Stat(pem); os.IsNotExist(err) {
if _, err := os.Stat(key); os.IsNotExist(err) {
fmt.Println("no certs found, generating new self signed certs.")
genCert()
}
}
if _, err := os.Stat(key); err == nil {
ca_b, _ := ioutil.ReadFile(pem)
ca, _ := x509.ParseCertificate(ca_b)
priv_b, _ := ioutil.ReadFile(key)
priv, _ := x509.ParsePKCS1PrivateKey(priv_b)
pool := x509.NewCertPool()
pool.AddCert(ca)
cert := tls.Certificate{
Certificate: [][]byte{ca_b},
PrivateKey: priv,
}
config := tls.Config{
Certificates: []tls.Certificate{cert},
//MinVersion: tls.VersionSSL30, //don't use SSLv3, https://www.openssl.org/~bodo/ssl-poodle.pdf
MinVersion: tls.VersionTLS10,
//MinVersion: tls.VersionTLS11,
//MinVersion: tls.VersionTLS12,
}
config.Rand = rand.Reader
port := ":4443"
listener, err := tls.Listen("tcp", port, &config)
if err != nil {
log.Fatalf("https: listen: %s", err)
}
log.Printf("https: listening on %s", port)
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("https: accept: %s", err)
break
}
defer conn.Close()
log.Printf("https: accepted from %s to %s", conn.RemoteAddr(), port)
go handleClient(conn)
}
} else {
log.Fatalf("https: NO CERT FOUND")
}
}
func (s *ConnectionXmppSuite) Test_Dial_worksIfTheHandshakeSucceeds(c *C) {
rw := &mockMultiConnIOReaderWriter{read: validTLSExchange}
conn := &fullMockedConn{rw: rw}
var tlsC tls.Config
tlsC.Rand = fixedRand([]string{
"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
"000102030405060708090A0B0C0D0E0F",
"000102030405060708090A0B0C0D0E0F",
})
d := &dialer{
JID: "*****@*****.**",
password: "******",
serverAddress: "www.olabini.se:443",
verifier: &basicTLSVerifier{},
config: data.Config{
TLSConfig: &tlsC,
},
}
_, err := d.setupStream(conn)
c.Assert(err, Equals, io.EOF)
if isVersionOldish() {
c.Assert(string(rw.write), Equals, ""+
"<?xml version='1.0'?><stream:stream to='www.olabini.se' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x8c\x01\x00\x00\x88\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x1a\xc0/\xc0+\xc0\x11\xc0\a\xc0\x13\xc0\t\xc0\x14\xc0\n"+
"\x00\x05\x00/\x005\xc0\x12\x00\n"+
"\x01\x00\x00E\x00\x00\x00\x13\x00\x11\x00\x00\x0ewww.olabini.se\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\n"+
"\x00\b\x04\x01\x04\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00\x16\x03\x03\x00F\x10\x00\x00BA\x04\b\xda\xf8\xb0\xab\xae5\t\xf3\\\xe1\xd31\x04\xcb\x01\xb9Qb̹\x18\xba\x1f\x81o8\xd3\x13\x0f\xb8\u007f\x92\xa3\b7\xf8o\x9e\xef\x19\u007fCy\xa5\n"+
"b\x06\x82fy]\xb9\xf83\xea6\x1d\x03\xafT[\xe7\x92\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00@\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
"\v\f\r\x0e\x0fL\x86\xb5⌍\xfe\xc77\x8b\x01\x18\xces\xf4\x01S\xcbI9\t \x9e1\xe6U\n"+
"\xff\xa67\xe4,Z\x05\x9e\xcfՈ\xfd-ڰ\x9dn\xac[Ud\x17\x03\x03\x00\xc0\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
"\v\f\r\x0e\x0f\xd6|\xd9h1\xb4}ȹ\x80\xe7]\xbf\b\xe5Ю~N\x11n(Ӯ`\xcd\xfb\xc4E1Ѧ\xa0d\x83#?\b\xde\x1bp5@\x94\xe8\x89\xc0\xdb.\x03pd\xa6&|\xa2\xd8\f6\x91\a\xeb6G\xe5\xe1@\x02a\x89\x95@\x81\x0e\x161Dy\xf1N\xbf4\xf1\x93\xa4\xd2\xfc\xb6JZi\xb5\b\x13\xb7{n\\\xd6\x15M!\xe5\x10\xdc\x15\xbb\xab\xc0'\x11\xf6\xb8\xfa\x82I\x18\x96\xe1>\xa1\xa6GT\x1cy\x94X\xa7\xfa\x9c\xf5\xa8\xe8\t\xc8\xf5I\xce\xd9\xd8<\xf8\x9d\x93\xf8\x9b\xdd8\xbbIdVP\x0f\x88\x05{\x9b\x84Z\x82\x91\x9e4\x91}\x97nZ\xa2n\xfe.#?")
} else {
c.Assert(string(rw.write), Equals, ""+
"<?xml version='1.0'?><stream:stream to='www.olabini.se' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x92\x01\x00\x00\x8e\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x18\xc0/\xc0+\xc00\xc0,\xc0\x13\xc0\t\xc0\x14\xc0\n"+
"\x00/\x005\xc0\x12\x00\n"+
"\x01\x00\x00M\x00\x00\x00\x13\x00\x11\x00\x00\x0ewww.olabini.se\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\x0e\x00\f\x04\x01\x04\x03\x05\x01\x05\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00\x00\x12\x00\x00\x16\x03\x03\x00F\x10\x00\x00BA\x04\b\xda\xf8\xb0\xab\xae5\t\xf3\\\xe1\xd31\x04\xcb\x01\xb9Qb̹\x18\xba\x1f\x81o8\xd3\x13\x0f\xb8\u007f\x92\xa3\b7\xf8o\x9e\xef\x19\u007fCy\xa5\n"+
"b\x06\x82fy]\xb9\xf83\xea6\x1d\x03\xafT[\xe7\x92\x14\x03\x03\x00\x01\x01\x16\x03\x03\x00(\x00\x00\x00\x00\x00\x00\x00\x00~nq\xd7\x04\\\x97\xdfR\f\xd5Aѥ\xf3\t>\x81P\xc0\xffO\xc2\xd9`\xf3\u0094\xb3\x14\x04\x90\x17\x03\x03\x00\xa5\x00\x00\x00\x00\x00\x00\x00\x01\x1c3\xb8T0zp\x01\xe2P\xffI\xec\x1d a^w\x94\xf2+\xd6\xc7\xd8\x10\x108`\x9f\x98h(\x1f\xf0\xd5\xd0\U000163fb\x9d\x98\xd5s\xc36\xe6\x9bR\x88\x9d\xb7/#\x18^!1\x06\x90;#\x04\u03a2\x9djf\xd5\xd8:\x05+\x10T\x1a\x00\xd1\xc1\xe6\xd9V\xeb\xb6p+\xfa\xa3`\x92\xc0Z\xd3\xe6}K;\x02\xfc\xc9\u0530\x0f\xbd\xeeX\xf8\xf7\xdf\x16\x05q9\xecat\x80\x97\x80\xa0\x1fŊ\xa7\n"+
"\x9e\xfaڣ\xae\xeb\xc0k\n"+
"\x14\"\xb1N\x89{\x90z\xaf\xbeCP\xfd\x98\x9b\x13v\x14\xe9\xd1\x1f\x9e\x96")
}
}
func StartListenSSL() {
if myopt.ListenSSL == "" {
return
}
var err error
certFile := myopt.CrtFile
keyFile := myopt.PemFile
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
Log("LoadX509KeyPair:", myopt.PemFile, myopt.CrtFile, err)
return
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Time = time.Now
config.Rand = rand.Reader
addr := myopt.ListenSSL
lstn, err := tls.Listen("tcp", addr, &config)
if err != nil {
Log("Listen:", err)
return
}
Log("SSL Listening on", addr)
l := lstn
for {
srcConn, err := l.Accept()
if err != nil {
Log("SSL Accept:", err)
break
}
c, err := newConn(srcConn)
if err != nil {
Log("SSL newConn:", err)
continue
}
c.Name = "SSL " + srcConn.RemoteAddr().String()
c.isSSL = true
go c.serve()
}
return
}
func InitListener() net.Listener {
cert, err := tls.LoadX509KeyPair("config/server.pem", "config/server.key")
if err != nil {
checkErr(err)
}
config := tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert}
config.Rand = rand.Reader
service := "0.0.0.0:" + PORT
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
checkErr(err)
}
log.Printf("\n======================\nGBServer: Listening...\n======================\n")
return listener
}
func (s *ConnectionXmppSuite) Test_Dial_failsWhenStartingAHandshake(c *C) {
rw := &mockConnIOReaderWriter{read: []byte(
"<?xml version='1.0'?>" +
"<str:stream xmlns:str='http://etherx.jabber.org/streams' version='1.0'>" +
"<str:features>" +
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>" +
"</starttls>" +
"<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" +
"<mechanism>PLAIN</mechanism>" +
"</mechanisms>" +
"</str:features>" +
"<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>",
)}
conn := &fullMockedConn{rw: rw}
var tlsC tls.Config
tlsC.Rand = fixedRand([]string{"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"})
d := &dialer{
JID: "user@domain",
password: "******",
config: data.Config{
TLSConfig: &tlsC,
},
}
_, err := d.setupStream(conn)
c.Assert(err, Equals, io.EOF)
if isVersionOldish() {
c.Assert(string(rw.write), Equals, ""+
"<?xml version='1.0'?><stream:stream to='domain' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x84\x01\x00\x00\x80\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x1a\xc0/\xc0+\xc0\x11\xc0\a\xc0\x13\xc0\t\xc0\x14\xc0\n"+
"\x00\x05\x00/\x005\xc0\x12\x00\n"+
"\x01\x00\x00=\x00\x00\x00\v\x00\t\x00\x00\x06domain\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\n"+
"\x00\b\x04\x01\x04\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00",
)
} else {
c.Assert(string(rw.write), Equals, ""+
"<?xml version='1.0'?><stream:stream to='domain' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n"+
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\x16\x03\x01\x00\x8a\x01\x00\x00\x86\x03\x03\x00\x01\x02\x03\x04\x05\x06\a\b\t\n"+
"\v\f\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x00\x00\x18\xc0/\xc0+\xc00\xc0,\xc0\x13\xc0\t\xc0\x14\xc0\n"+
"\x00/\x005\xc0\x12\x00\n"+
"\x01\x00\x00E\x00\x00\x00\v\x00\t\x00\x00\x06domain\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n"+
"\x00\b\x00\x06\x00\x17\x00\x18\x00\x19\x00\v\x00\x02\x01\x00\x00\r\x00\x0e\x00\f\x04\x01\x04\x03\x05\x01\x05\x03\x02\x01\x02\x03\xff\x01\x00\x01\x00\x00\x12\x00\x00",
)
}
}
// Starttls
func (s *SMTPServerSession) smtpStartTLS() {
if s.tls {
s.out("454 - transaction is already over SSL/TLS")
s.SMTPResponseCode = 454
return
}
//s.out("220 Ready to start TLS")
cert, err := tls.LoadX509KeyPair(path.Join(GetBasePath(), "ssl/server.crt"), path.Join(GetBasePath(), "ssl/server.key"))
if err != nil {
msg := "TLS failed unable to load server keys: " + err.Error()
s.logError(msg)
s.out("454 " + msg)
s.SMTPResponseCode = 454
return
}
tlsConfig := tls.Config{
Certificates: []tls.Certificate{cert},
InsecureSkipVerify: true,
}
tlsConfig.Rand = rand.Reader
s.out("220 Ready to start TLS nego")
s.SMTPResponseCode = 220
//var tlsConn *tls.Conn
//tlsConn = tls.Server(client.socket, TLSconfig)
s.connTLS = tls.Server(s.conn, &tlsConfig)
// run a handshake
// errors.New("tls: unsupported SSLv2 handshake received")
err = s.connTLS.Handshake()
if err != nil {
msg := "454 - TLS handshake failed: " + err.Error()
s.SMTPResponseCode = 454
if err.Error() == "tls: unsupported SSLv2 handshake received" {
s.log(msg)
} else {
s.logError(msg)
}
s.out(msg)
return
}
s.log("connection upgraded to " + tlsGetVersion(s.connTLS.ConnectionState().Version) + " " + tlsGetCipherSuite(s.connTLS.ConnectionState().CipherSuite))
//s.conn = net.Conn(tlsConn)
s.conn = s.connTLS
s.tls = true
s.seenHelo = false
}
func (server *SMTPServer) RespondToStartTLS(conn net.Conn, input *bufio.Reader, output *bufio.Writer) (*tls.Conn, *bufio.Reader, *bufio.Writer) {
output.WriteString("220 Go ahead\r\n")
output.Flush()
server.CurrentDelivery.UsedTLS = true
cert, err := tls.X509KeyPair([]byte(certPEM), []byte(keyPEM))
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Rand = rand.Reader
tlsConn := tls.Server(conn, &config)
return tlsConn, bufio.NewReader(tlsConn), bufio.NewWriter(tlsConn)
}
func ListenerEnableTLS(listener net.Listener, tlsCfg *TlsCfg) net.Listener {
//openssl genrsa -out server.key 1024
//openssl req -new -key server.key -out csr.pem
//openssl x509 -req -in csr.pem -signkey server.key -out cert.pem
pwd, err := os.Getwd()
glog.V(KGlogLevel).Infof("pwd: %v\n", pwd)
//fmt.Printf("pwd: %v\n", pwd)
// cert, err := tls.LoadX509KeyPair("./src/utilx/cert.pem", "./src/utilx/server.key")
cert, err := tls.LoadX509KeyPair(tlsCfg.Pem, tlsCfg.Key)
if err != nil {
glog.Fatalf("server: loadkeys: %s", err)
//log.Fatalf("server: loadkeys: %s", err)
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Time = time.Now
config.Rand = rand.Reader
listen := tls.NewListener(listener, &config)
return listen
}
func getServerConfig() *tls.Config {
capool := x509.NewCertPool()
if ok := capool.AppendCertsFromPEM([]byte(ca_s)); !ok {
panic("Cannot add cert")
}
cert, err := tls.X509KeyPair([]byte(cert1_s), []byte(priv1_s))
if err != nil {
panic(err)
}
config := tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert,
Certificates: []tls.Certificate{cert},
ClientCAs: capool,
}
config.Rand = rand.Reader
return &config
}
func ConnectTls(settings config.Settings) {
c, err := exists(settings.CertName)
if !c {
log.Printf("Cert file doesnt exist! %s", err)
GenKeyCert("127.0.0.1", settings.CertName, settings.KeyName)
}
//TODO client certs
addr := GetAddress(settings, "127.0.0.1")
log.Printf("Starting TLS connection to %s", addr)
i := -1
//only one at once. -1 represents 'forever'
conf := tls.Config{
//Certificates: []tls.Certificate{cert},
CipherSuites: []uint16{
tls.TLS_RSA_WITH_RC4_128_SHA,
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
InsecureSkipVerify: true}
conf.Rand = rand.Reader
for i < settings.MaxReconnects || settings.MaxReconnects < 0 {
conn, err := tls.Dial("tcp", addr, &conf)
if err != nil {
log.Printf("error connecting: %s", err.Error())
} else {
if settings.Verbose {
log.Printf("Connected")
}
//same thread (prevent program exit)
ch := make(chan int, 100)
EchoService(conn, settings, ch)
foo, ok := <-ch
log.Printf("response ok: %b, code: %d", ok, foo)
}
i++
}
log.Printf("Finished after %d connections", i+1)
}